Payments fraud is rising, and small and medium-sized business owners are feeling the strain well beyond the transaction itself. Every dispute adds hours of follow-up work, which cuts into time that would otherwise be spent running and growing the business.
Today’s threats are designed to look legitimate, making fraud more difficult to spot and easier to fall for. According to the Federal Trade Commission, consumers and businesses reported a record $15.9 billion in fraud losses in 2025.
Without the right systems in place, even routine payment processing can become a source of risk rather than a driver of growth for many businesses.
To better understand how these challenges are impacting day-to-day operations, we surveyed over 500 small and medium-sized business (SMB) owners across the U.S., exploring how often they encounter fraud, how they respond, and the time and resources required to manage it.
Key Takeaways
- Over one in three SMB owners who took action against fraud in the past year were forced to dip into personal savings to cover chargeback fees, payroll, or inventory gaps.
- Fraud is most likely to take the following personal toll on SMB owners: increased anxiety about sales (51%), burnout (45%), and second-guessing business decisions (29%).
- 31% of SMBs have faced AI-driven scams this year, with 20% reporting sophisticated AI-generated invoices and payment requests.
- Nearly one in three SMBs has no merchant charge protection processes in place.
How Payments Fraud Is Evolving and Why It’s Harder for SMBs to Manage
Fraud has become more advanced and harder to catch. It slips into everyday business activity, raising minimal red flags. For many SMBs, the biggest challenge is the convincing nature of these attacks, making reliable chargeback protection essential for merchants to verify legitimate claims.
The most common tactics business owners report facing highlight just how varied and believable these threats have become:
- Phishing & social engineering (deceptive emails or texts used to steal payment data or redirect funds): 50%
- Chargeback abuse (false “item not received” or “unauthorized charge” claims): 31%, highlighting the growing need for stronger chargeback protection for merchants
- AI-generated invoices or payment requests (realistic requests posing as vendors or executives): 20%
- Stolen credit/debit cards (unauthorized transactions using compromised details): 20%
- Email-based money rerouting (impersonating vendors or executives to redirect payments): 13%
- AI-generated fake identities (synthetic profiles used to open accounts or bypass checks): 12%
Requests that look familiar are much more likely to be processed without hesitation, especially in fast-moving environments where teams are focused on keeping operations running smoothly. In my role as Chief Risk and Compliance Officer at Kurv, I’ve watched fraud shift from something opportunistic to something deeply engineered. With AI, attackers can generate highly convincing requests and identities at scale, making it much harder to rely on surface-level checks alone.
This shift is also reflected in how frequently businesses encounter AI-driven fraud:
- 31% of SMB owners have faced AI-driven scams this year
- 20% report sophisticated AI-generated invoices or payment requests
- Among SMB owners who have encountered AI-enhanced claims (e.g., fake images or videos), nearly three in 10 say it happens every week.
- Among SMB owners who have encountered AI-generated identities in fraud attempts, nearly one in four say they encounter them weekly.
We’re seeing a shift where fraud now comes with proof that looks real. It’s imperative not to take evidence at face value; instead, validate the behavior behind it and use layered checks to confirm who’s actually on the other side of the transaction. This “shield of layers” isn’t about investing in the most expensive tools, but about adding practical checks that make fraud harder to carry out.
That can include requiring native file uploads to verify image metadata and using out-of-band verification, such as a separate phone call or confirmation step, for any requests involving changes to payments or fund transfers. These small steps can create enough friction to deter automated attacks. By adding verification layers at key points, SMBs can significantly reduce the likelihood of fraud.
As these tactics evolve, the likelihood of experiencing fraud varies across sectors, highlighting a universal need for more secure payment solutions:
- Brick-and-mortar: 70%
- E-commerce: 69%
- Professional services: 56%
- Home services: 50%

For many small businesses, the real strain of fraud comes from the time and effort required to investigate, respond to, and resolve disputes, often pulling focus away from day-to-day operations.
Fraud’s impact on small businesses is also disproportionately high compared to larger organizations. According to the Association of Certified Fraud Examiners, companies with fewer than 100 employees had a median loss of $141,000, the second-largest loss among organizational size categories. The losses may be smaller on paper, but they can have a bigger impact on SMBs since they make up a larger portion of their revenue. The report also estimates that organizations lose roughly 5% of annual revenue to fraud.
Fraud adds a layer of work that’s hard to ignore. Tracking deliveries, pulling logs for merchant account providers, and updating records can quickly eat into time that should be spent running and growing the business.
From what I’ve observed, fraud adds a significant time burden alongside the financial loss for most small businesses. Without dedicated chargeback management software, gathering evidence, checking records, and following up with customers can pull focus away from day-to-day operations. As AI-generated claims become more realistic, verifying what’s genuine is taking more time and scrutiny.
The most time-intensive phases of the dispute process:
- Evidence Collection: 44%
- Customer Communication: 37%
- Checking Records: 18%
- Technical Investigation: 17%
- Fixing the Books: 13%
- Loss Analysis: 12%
Despite the time burden, only 70% of SMBs have fraud protection measures in place, and many still rely on manual or reactive approaches rather than integrated payment solutions.
Top fraud protections currently in place:
- Manual review team: A human (staff member) who manually reviews “flagged” orders before shipping: 29%
- Standard gateway checks: Basic card checks (like verifying the billing address and the three-digit security code on the back of the card): 27%
- Internal blacklists: Lists teams keep of blocked emails, IP addresses, or shipping addresses: 22%
- Extra security steps at checkout: A text code sent to the customer: 21%
- Post-transaction alerts: Chargeback management software that notifies the merchant the moment a chargeback is initiated: 15%
- Identity verification (IDV): Manually or automatically requiring customers to upload a government ID for high-risk orders: 11%
Most businesses end up using several tools to manage fraud, and they don’t always work as well as integrated payment gateway solutions. That usually means more hands-on work, like checking things in multiple places and trying to connect the dots, instead of stopping fraud earlier in the process. It becomes even more important when evaluating payment gateway solutions or choosing between merchant account providers, since fraud protection levels can vary.
Adoption of fraud protection measures also varies widely by industry, often reflecting differences in transaction volume and risk exposure:
- Brick-and-mortar: 88%
- E-commerce: 76%
- Home services: 71%
- Professional services: 61%
Even with protections in place, the impact of fraud extends beyond operations and into the day-to-day experience of running a business. Across industries, business owners report clear emotional and professional strain:
- Brick-and-mortar – Increased anxiety over online sales: 55%
- E-commerce – Increased anxiety over online sales: 70%
- Home services – Stress or burnout: 65%
- Professional services – Stress or burnout: 57%
Perhaps most concerning, half of SMB owners say they would process certain requests without secondary verification, even when they could be fraudulent. The top requests include:
- The bank fraud alert: A text from a bank asking the recipient to click a link to verify a suspicious charge to prevent a business debit card from being frozen: 29%
- The review scam: A customer emailing a link to a photo of a subpar item or service, hosted on a Google Drive or Dropbox link that requires a login: 16%
- The shipping snafu: A text or email from FedEx or UPS about an office package held in customs that requires a redelivery fee paid via a link: 13%
- The legal threat: A notice of trademark infringement or tax audit email with a password-protected PDF that requires the user to run a small program to see specific charges: 12%
- The late vendor payment: An email from a regular supplier (using their actual name) claiming they’ve changed banks and need an invoice paid to a new ACH account to avoid a shipping delay: 10%
- The payroll pivot: An email from a long-time employee asking to update their direct deposit to a new digital bank due to an issue with their old account: 8%
My rule of thumb is simple: if a request involves money movement or sensitive changes, it shouldn’t rely on trust alone. Verifying through a second channel is an incredibly easy, low-cost way to prevent these attacks before they escalate.
Rethinking Fraud Prevention
Beyond draining time and resources, payment fraud undermines trust and stifles confidence for small and medium-sized businesses. As tactics become harder to spot, implementing integrated payment solutions and payment processing can reduce the hours spent reviewing transactions, gathering evidence, and managing disputes.
To reduce that burden, SMBs can adopt layered fraud prevention measures such as transaction monitoring, identity verification, address verification, and stronger authentication processes. For e-commerce merchants, card-not-present (CNP) protections, including tokenization, AVS, and CVV checks, can help reduce risk and improve dispute management.
In a time when AI-driven fraud is engineered to blend into daily operations, businesses that combine employee education, layered verification, and ongoing monitoring are often better positioned to reduce disputes, limit financial losses, and maintain customer trust.
To find out how Kurv’s advanced chargeback management software helps SMBs make security an invisible asset, please see here.
Methodology
To explore how fraud is impacting SMBs, we surveyed 511 small and medium-sized business owners in America. The data has a 95% confidence level and a low 4% margin of error. Because this exploratory research relied on self-reported data, respondents may have biases, and discrepancies may exist between their answers and their actual experiences.
Fair Use Statement
We’d love for you to share these findings, but please attribute to Kurv by sharing a link to this page.





